277 lines
7.4 KiB
JavaScript
277 lines
7.4 KiB
JavaScript
/**
|
|
* Express based http & https server
|
|
*
|
|
* Requires express >= 4
|
|
*/
|
|
|
|
/*
|
|
var common = require ('./server/common'),
|
|
authorize = require ('./server/authorization'),
|
|
dbs = require ('./server/dbs'),
|
|
files = require ('./server/files');
|
|
*/
|
|
var fs = require ('fs'),
|
|
http = require ('http'),
|
|
https = require ('https'),
|
|
express = require ('express'),
|
|
session = require ('express-session'), // session management
|
|
morgan = require ('morgan'), // logger
|
|
//serveFavicon = require ('serve-favicon'),
|
|
bodyParser = require ('body-parser');
|
|
//MongoStore = require ('connect-mongo')(session); // uss mongodb as session storage
|
|
var Message = require('./message.model.js');
|
|
|
|
var app = express();
|
|
|
|
var http_port=8013;
|
|
https_port=8889;
|
|
|
|
/*
|
|
* Init
|
|
*/
|
|
/*ll
|
|
common .init ();
|
|
authorize.init (common);
|
|
dbs .init (common);
|
|
files .init (common);
|
|
*/
|
|
|
|
// Security
|
|
app.disable ('x-powered-by'); // TODO: Disable Header information: Powerd by Express -> Information disclosure
|
|
|
|
|
|
/*
|
|
* Route Control
|
|
*/
|
|
|
|
// Logger
|
|
app.use (morgan ('dev'));
|
|
//app.use(express.logger ( { format: 'default', stream: output_stream } ));
|
|
|
|
// Fastpaths
|
|
//app.use (serveFavicon (__dirname + '/public/favicon.ico'));
|
|
|
|
// Session Management
|
|
app.use (session({
|
|
secret: 'adluhohks',
|
|
resave: false,
|
|
saveUninitialized: false,
|
|
cookie: {
|
|
maxAge: 30*24*3600*1000, // TODO: ttl for session as well (Store)
|
|
secure: false, // true for https only
|
|
},
|
|
name: 'om.sid',
|
|
//store: new MongoStore ({mongooseConnection: dbs.mongoose.connection, ttl: 30*24*3600}), // mongoose + connect-mongo
|
|
//store: new MemoryStore ({checkPeriod: 24*3600*1000}), // memorystore
|
|
}));
|
|
|
|
// Args
|
|
app.use (bodyParser.json());
|
|
app.use (bodyParser.urlencoded({extended: true}));
|
|
|
|
// API
|
|
//var api_routes = express.Router(); // express app-object routing
|
|
//app.use ('/api', api_routes);
|
|
|
|
app.use (function (req, res, done) {
|
|
console.log(req.url);
|
|
done();
|
|
});
|
|
|
|
//global.__basedir = __dirname;
|
|
|
|
// Static Files
|
|
app.use(express.static(__dirname + '/public')); // Allow server access to 'public' folder
|
|
|
|
//app.use(express.static('resources'));
|
|
|
|
// Configuring the database
|
|
var dbConfig = require('./mongodb.config.js');
|
|
var mongoose = require('mongoose');
|
|
|
|
mongoose.Promise = global.Promise;
|
|
|
|
// Connecting to the database
|
|
//mongoose.connect(`mongodb://${server}/${dbConfig.url}`)
|
|
mongoose.connect(dbConfig.url, {useNewUrlParser: true}).then(() => {
|
|
console.log("Successfully connected to MongoDB.");
|
|
}).catch(err => {
|
|
console.log('Could not connect to MongoDB.');
|
|
process.exit();
|
|
});
|
|
|
|
|
|
//require('./app/routes/message.route.js')(app);
|
|
|
|
app.get ('/api/ids', function (req, res) {
|
|
Message.find({},{id: true}) .exec () .then(results => {
|
|
//selects id from message:
|
|
var parsed = [];
|
|
for (var i in results) {
|
|
parsed.push (results[i].id);
|
|
}
|
|
//var parsed = results.map (x => x._id);
|
|
res.send(parsed);
|
|
} )
|
|
.catch(err => {
|
|
console.log (err);
|
|
res .status(500) .json (err);
|
|
});
|
|
});
|
|
|
|
app.get ("/api/msg/:id", function (req, res) {
|
|
Message.findOne ({_id: req.params.id}) .exec (function (err, results){
|
|
if (err) {
|
|
console.log (err);
|
|
res .status(404) .json (err);
|
|
} else {
|
|
console.log(JSON.stringify(results));
|
|
res.json(results);
|
|
}
|
|
});
|
|
});
|
|
|
|
/*app.get ("/api/msg/search/:phrase", function (req, res) {
|
|
Message.find ({$text: {$search: req.params.phrase}) .then (function (err, results){
|
|
if (err) {
|
|
console.log (err);
|
|
res .status(404) .json (err);
|
|
} else {
|
|
console.log(JSON.stringify(results));
|
|
res.json(results);
|
|
}
|
|
});
|
|
});
|
|
*/
|
|
/*function makeid() {
|
|
var text = "";
|
|
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
|
|
|
for (var i = 0; i < 5; i++)
|
|
text += possible.charAt(Math.floor(Math.random() * possible.length));
|
|
|
|
return text;
|
|
}*/
|
|
|
|
app.post("/api/createMsg", function(req, res){
|
|
//x = mongoose.Types.ObjectId();
|
|
//y = x.toString();
|
|
//var z = makeid();
|
|
console.log("SUbject: "+JSON.stringify(req.body));
|
|
var message = new Message( {subject: req.body.sub, message: req.body.mess, user: req.body.use, tag: req.body.ta } );
|
|
|
|
message.save(function(err,result){
|
|
if(err){
|
|
return res .status(401) .send(err.message);
|
|
}else{
|
|
res.json({message: "Message created!!"});
|
|
}
|
|
});
|
|
});
|
|
|
|
// Other stuff is NOT authorized unless logged in
|
|
//app.use (authorize.genCheckAuthorized ('user'));
|
|
|
|
// Uploaded files
|
|
//app.use ('/uploads', expr ess.static(__dirname + '/uploads'));
|
|
|
|
// Other stuff is NOT authorized unless logged in
|
|
//app.use (authorize.genCheckAuthorized ('user'));
|
|
|
|
// Uploaded files
|
|
//app.use ('/uploads', express.static(__dirname + '/uploads'));
|
|
|
|
// Errors
|
|
// No error so far? Then it's a 404!
|
|
//app.use (function (req, res, next) { next (common.genError (404, req.url)); });
|
|
//app.use (routes.errorHandler (true)); /* true: show stack traces */ // TODO: Error Handler
|
|
|
|
|
|
/*
|
|
* API
|
|
*/
|
|
/*
|
|
// API allowed for all
|
|
api_routes.post ('/login', authorize.login); // /api/login
|
|
|
|
// Validate all other API calls
|
|
api_routes.use (authorize.genCheckAuthorized ('user'));
|
|
api_routes.post ('/logout', authorize.logout);
|
|
|
|
function addRoutes (r) {
|
|
for (var e in r.routes) {
|
|
var params = r.routes[e].params ? "/" + r.routes[e].params : "";
|
|
console.log ("Adding routes for /" + e + params + ":" +
|
|
(r.routes[e].get ? " get":" ") + (r.routes[e].post ? " post":" ") +
|
|
(r.routes[e].put ? " put":" ") + (r.routes[e].delete ? " delete":" "));
|
|
if (r.routes[e].get)
|
|
api_routes.get ('/' + e + params, r.routes[e].get);
|
|
if (r.routes[e].post)
|
|
api_routes.post ('/' + e + params, r.routes[e].post);
|
|
if (r.routes[e].put)
|
|
api_routes.put ('/' + e + params, r.routes[e].put);
|
|
if (r.routes[e].delete)
|
|
api_routes.delete ('/' + e + params, r.routes[e].delete);
|
|
}
|
|
}
|
|
|
|
addRoutes (dbs);
|
|
addRoutes (files);
|
|
*/
|
|
|
|
/*
|
|
* Servers
|
|
*/
|
|
|
|
http.createServer (app) .listen (http_port, function () {
|
|
console.log ("Express http server listening on port " + http_port);
|
|
});
|
|
|
|
/*
|
|
* SSL certificates
|
|
*
|
|
* Keys + Certificate in current dir (not servable!)
|
|
* to create (self-signed) SSL certs:
|
|
*
|
|
* openssl genrsa -out privatekey.pem 1024
|
|
* openssl req -new -key privatekey.pem -out certrequest.csr
|
|
* openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem
|
|
* rm certrequest.csr
|
|
*/
|
|
|
|
var options;
|
|
try {
|
|
try {
|
|
// In case it's a real certificate: add CA chain cersts (TODO: use array if required)
|
|
var ca = fs.readFileSync ('keys/ca_cert.pem');
|
|
} catch (e) {
|
|
ca = undefined;
|
|
console.log ("Note: Can't read CA bundle: "+e);
|
|
}
|
|
if (ca != null) {
|
|
|
|
options = {
|
|
key: fs.readFileSync ('keys/omkey.pem'),
|
|
cert: fs.readFileSync ('keys/certificate.pem'),
|
|
ca: ca
|
|
};
|
|
https.createServer (options, app) .listen (https_port, function () {
|
|
console.log ("Express https server listening on port " + https_port);
|
|
});
|
|
}
|
|
} catch (e) {
|
|
console.log ("Note: Can't read SSL keys/certs: "+e+"\nDisabling https server");
|
|
}
|
|
|
|
|
|
/*
|
|
* Uncaught Exceptions
|
|
*/
|
|
|
|
process.on ("uncaughtException", function (err) {
|
|
console.error ("*** Uncaught Exception:");
|
|
console.error (err.stack);
|
|
});
|
|
|
|
|